Fortinet Fortinet Certifications NSE4-5.4 Questions & Answers

• Question 341:

  Which of the following statements is true regarding a FortiGate device operating in transparent mode? (Choose three.)

  A. It acts as a layer 2 bridge

  B. It acts as a layer 3 router

  C. It forwards frames using the destination MAC address.

  D. It forwards packets using the destination IP address.

  E. It can perform content inspection (antivirus, web filtering, etc)

  Correct Answer: ACE

• Question 342:

  What is the maximum number of different virus databases a FortiGate can have?

  A. 5

  B. 2

  C. 3

  D. 4

  Correct Answer: B

• Question 343:

  Which is true about incoming and outgoing interfaces in firewall policies?

  A. A physical interface may not be used.

  B. A zone may not be used.

  C. Multiple interfaces may not be used for both incoming and outgoing.

  D. Source and destination interfaces are mandatory.

  Correct Answer: D

• Question 344:

  Which are valid replies from a RADIUS server to an ACCESS-REQUEST packet from a FortiGate? (Choose two.)

  A. ACCESS-CHALLENGE

  B. ACCESS-RESTRICT

  C. ACCESS-PENDING

  D. ACCESS-REJECT

  Correct Answer: AD

• Question 345:

  Which statement best describes what the FortiGate hardware acceleration processors main task is?

  A. Offload traffic processing tasks from the main CPU.

  B. Offload management tasks from the main CPU.

  C. Compress and optimize the network traffic.

  D. Increase maximum bandwidth available in a FortiGate interface.

  Correct Answer: A

• Question 346:

  Review to the network topology in the exhibit. The workstation, 172.16.1.1/24, connects to port2 of the FortiGate device, and the ISP router, 172.16.1.2, connects to port1. Without changing IP addressing, which configuration changes are required to properly forward users traffic to the Internet? (Choose two)

  

  A. At least one firewall policy from port2 to port1 to allow outgoing traffic.

  B. A default route configured in the FortiGuard devices pointing to the ISP's router.

  C. Static or dynamic IP addresses in both ForitGate interfaces port1 and port2.

  D. The FortiGate devices configured in transparent mode.

  Correct Answer: AD

• Question 347:

  Which best describes the authentication timeout?

  A. How long FortiGate waits for the user to enter his or her credentials.

  B. How long a user is allowed to send and receive traffic before he or she must authenticate again.

  C. How long an authenticated user can be idle (without sending traffic) before they must authenticate again.

  D. How long a user-authenticated session can exist without having to authenticate again.

  Correct Answer: C

• Question 348:

  Which is NOT true about source matching with firewall policies?

  A. A source address object must be selected in the firewall policy.

  B. A source user/group may be selected in the firewall policy.

  C. A source device may be defined in the firewall policy.

  D. A source interface must be selected in the firewall policy.

  E. A source user/group and device must be specified in the firewall policy.

  Correct Answer: E

• Question 349:

  Files reported as "suspicious" were subject to which Antivirus check"?

  A. Grayware

  B. Virus

  C. Sandbox

  D. Heuristic

  Correct Answer: D

• Question 350:

  Which profile could IPS engine use on an interface that is in sniffer mode? (Choose three)

  A. Antivirus (flow based

  B. Web filtering (PROXY BASED)

  C. Intrusion Protection

  D. Application Control

  E. Endpoint control

  Correct Answer: ABD